Which of the following are data models used by ES? (Choose all that apply.)

Answer(s): B

https://dev.splunk.com/enterprise/docs/developapps/enterprisesecurity/datamodelsusedbyes/

At what point in the ES installation process should Splunk_TA_ForIndexers.spl be deployed to the indexers?

When adding apps to the deployment server.
Splunk_TA_ForIndexers.spl is installed first.
After installing ES on the search head(s) and running the distributed configuration management tool.
Splunk_TA_ForIndexers.spl is only installed on indexer cluster sites using the cluster master and the
splunk apply cluster-bundle command.

Answer(s): B

https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons

Which correlation search feature is used to throttle the creation of notable events?

Answer(s): C

https://docs.splunk.com/Documentation/ES/6.1.0/Admin/Configurecorrelationsearches

Both “Recommended Actions” and “Adaptive Response Actions” use adaptive response. How do they differ?

Recommended Actions show a textual description to an analyst, Adaptive Response Actions show them encoded.
Recommended Actions show a list of Adaptive Responses to an analyst, Adaptive Response Actions run them automatically.
Recommended Actions show a list of Adaptive Responses that have already been run, Adaptive Response Actions run them automatically.
Recommended Actions show a list of Adaptive Resposes to an analyst, Adaptive Response Actions run manually with analyst intervention.

Answer(s): D

https://docs.splunk.com/Documentation/ES/latest/Admin/Configureadaptiveresponse

Free SPLK-3001 Exam Braindumps (page: 6)